Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Generic User Avatar

Decryption keys are now freely available for victims of CryptoLocker


  • Please log in to reply
217 replies to this topic

#211 quietman7

quietman7

    Bleepin' Gumshoe


  •  Avatar image
  • Global Moderator
  • 61,818 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:25 PM

Posted 03 October 2018 - 05:03 PM

A repository of all current knowledge regarding CryptoWall, CryptoWall 2.0, CryptoWall 3.0 & CryptoWall 4.0 is provided by Grinler (aka Lawrence Abrams), in the: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ.

The only methods you have of restoring your files is from backup, file recovery software or from Shadow Volume Copies as explained in the FAQ: How to restore files encrypted by CryptoWall....but there is no guarantee that will work.

.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif


BC AdBot (Login to Remove)

 


#212 stacyp72

stacyp72

  •  Avatar image
  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 09 January 2020 - 10:33 PM

Hi All,

 

New Here.

 

I know this is an old post but just had a client get hit with Cryptolocker. All files have .cryptolocker extension. Are there any decryption tool available. 


Edited by stacyp72, 09 January 2020 - 10:33 PM.


#213 quietman7

quietman7

    Bleepin' Gumshoe


  •  Avatar image
  • Global Moderator
  • 61,818 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:25 PM

Posted 10 January 2020 - 06:40 AM

The original CryptoLocker Ransomware which first appeared in the beginning of September 2013...does not exist anymore and hasn't since June 2014. There are many copycat ransomware variants which pretend to be or use the CryptoLocker name but these infections are not the same.
 
Did you submit (upload) samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware (IDR) OR Emsisoft Identify your ransomware for assistance with identification and confirmation of the infection? Uploading both encrypted files and ransom notes together along with any contact email addresses or hyperlinks provided by the criminals gives a more positive match with identification and helps to avoid false detections.


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif


#214 stacyp72

stacyp72

  •  Avatar image
  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 10 January 2020 - 11:49 AM

Emisisoft ID's it as RAPID but the files have the .cryptolocker extension. and not the .rapid.


Edited by stacyp72, 10 January 2020 - 11:52 AM.


#215 Demonslay335

Demonslay335

    Ransomware Hunter


  •  Avatar image
  • Security Colleague
  • 4,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:25 PM

Posted 10 January 2020 - 12:25 PM

Rapid uses different extensions, not just .rapid. ID Ransomware (which powers the Emsisoft identifier) can tell by the filemarker, so it is very accurate. Definitely Rapid.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#216 stacyp72

stacyp72

  •  Avatar image
  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:09:25 PM

Posted 10 January 2020 - 12:30 PM

Thanks for the info. So far Rapid not decryptable correct?



#217 Demonslay335

Demonslay335

    Ransomware Hunter


  •  Avatar image
  • Security Colleague
  • 4,770 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:10:25 PM

Posted 10 January 2020 - 02:33 PM

Correct. Only the criminals have the private RSA keys to decrypt your, and everyone else's files. I've personally analyzed several variants of Rapid, and they are all secure. Lots of mistakes in their code, but nothing that compromises the crypto scheme used.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#218 quietman7

quietman7

    Bleepin' Gumshoe


  •  Avatar image
  • Global Moderator
  • 61,818 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:25 PM

Posted 10 January 2020 - 03:24 PM

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.



 


.
.
Microsoft MVP Alumni 2023Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023

Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif





1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users